Return time_uptime as value for when pf was enabled instead of

time_second.  Since time_second changes depending on the wall-
clock time, time_second is not a reliable source for the status.
We can even end up with a negative time delta.  Thus, use the
monotonically growing time_uptime and export it to userland.

ok bluhm@ mikeb@

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index a69acb2..8f5ec3f 100644 (file)
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfctl_parser.c,v 1.311 2017/05/15 16:56:42 mikeb Exp $ */
+/*     $OpenBSD: pfctl_parser.c,v 1.312 2017/06/01 14:38:28 patrick Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -519,15 +519,17 @@ void
 print_status(struct pf_status *s, int opts)
 {
        char                    statline[80], *running, *debug;
-       time_t                  runtime;
+       time_t                  runtime = 0;
+       struct timespec         uptime;
        int                     i;
        char                    buf[PF_MD5_DIGEST_LENGTH * 2 + 1];
        static const char       hex[] = "0123456789abcdef";
 
-       runtime = time(NULL) - s->since;
+       if (!clock_gettime(CLOCK_UPTIME, &uptime))
+               runtime = uptime.tv_sec - s->since;
        running = s->running ? "Enabled" : "Disabled";
 
-       if (s->since) {
+       if (runtime) {
                unsigned int    sec, min, hrs;
                time_t          day = runtime;
 

diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 9c6b02e..541cb72 100644 (file)
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf_ioctl.c,v 1.313 2017/05/30 19:37:54 henning Exp $ */
+/*     $OpenBSD: pf_ioctl.c,v 1.314 2017/06/01 14:38:28 patrick Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1005,7 +1005,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
                        error = EEXIST;
                else {
                        pf_status.running = 1;
-                       pf_status.since = time_second;
+                       pf_status.since = time_uptime;
                        if (pf_status.stateid == 0) {
                                pf_status.stateid = time_second;
                                pf_status.stateid = pf_status.stateid << 32;
@@ -1020,7 +1020,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
                        error = ENOENT;
                else {
                        pf_status.running = 0;
-                       pf_status.since = time_second;
+                       pf_status.since = time_uptime;
                        pf_remove_queues();
                        DPFPRINTF(LOG_NOTICE, "pf: stopped");
                }
@@ -1674,7 +1674,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
                bzero(pf_status.counters, sizeof(pf_status.counters));
                bzero(pf_status.fcounters, sizeof(pf_status.fcounters));
                bzero(pf_status.scounters, sizeof(pf_status.scounters));
-               pf_status.since = time_second;
+               pf_status.since = time_uptime;
 
                break;
        }

diff --git a/usr.bin/systat/pf.c b/usr.bin/systat/pf.c
index 6e282bb..96b214d 100644 (file)
--- a/usr.bin/systat/pf.c
+++ b/usr.bin/systat/pf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf.c,v 1.8 2016/01/02 20:03:28 benno Exp $ */
+/*     $OpenBSD: pf.c,v 1.9 2017/06/01 14:38:28 patrick Exp $ */
 /*
  * Copyright (c) 2001, 2007 Can Erkin Acar <canacar@openbsd.org>
  *
@@ -220,7 +220,8 @@ void
 print_pf(void)
 {
        char            *debug;
-       time_t          tm;
+       time_t          tm = 0;
+       struct timespec uptime;
        int             i;
        struct pf_status *s = &status;
 
@@ -229,7 +230,8 @@ print_pf(void)
        if (end > num_disp)
                end = num_disp;
 
-       tm = time(NULL) - s->since;
+       if (!clock_gettime(CLOCK_UPTIME, &uptime))
+               tm = uptime.tv_sec - s->since;
 
        ADD_LINE_S("pf", "Status", s->running ? "Enabled" : "Disabled");
        ADD_LINE_A("pf", "Since", tm);

diff --git a/usr.sbin/snmpd/mib.c b/usr.sbin/snmpd/mib.c
index f53d937..995f887 100644 (file)
--- a/usr.sbin/snmpd/mib.c
+++ b/usr.sbin/snmpd/mib.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mib.c,v 1.83 2017/01/31 21:31:04 sthen Exp $  */
+/*     $OpenBSD: mib.c,v 1.84 2017/06/01 14:38:28 patrick Exp $        */
 
 /*
  * Copyright (c) 2012 Joel Knight <joel@openbsd.org>
@@ -1650,7 +1650,8 @@ int
 mib_pfinfo(struct oid *oid, struct ber_oid *o, struct ber_element **elm)
 {
        struct pf_status         s;
-       time_t                   runtime;
+       time_t                   runtime = 0;
+       struct timespec          uptime;
        char                     str[11];
 
        if (pf_get_stats(&s))
@@ -1661,10 +1662,8 @@ mib_pfinfo(struct oid *oid, struct ber_oid *o, struct ber_element **elm)
                *elm = ber_add_integer(*elm, s.running);
                break;
        case 2:
-               if (s.since > 0)
-                       runtime = time(NULL) - s.since;
-               else
-                       runtime = 0;
+               if (!clock_gettime(CLOCK_UPTIME, &uptime))
+                       runtime = uptime.tv_sec - s.since;
                runtime *= 100;
                *elm = ber_add_integer(*elm, runtime);
                ber_set_header(*elm, BER_CLASS_APPLICATION, SNMP_T_TIMETICKS);